From 9ed7ca5b86240313dc4df8dbf4ff67be112084c1 Mon Sep 17 00:00:00 2001
From: Harald Welte
Date: Thu, 28 Apr 2016 11:10:01 +0200
Subject: [PATCH] ipa_bts_id_resp(): handle non-existing members of ipacces_unit

Just because the IPA server is requesting certain identities via the CCM protocol, doesn't mean that the client actually has those fields available and initialized in struct ipaccess_unit. Instad of segfaulting the client, let's check if the respective identities are known. If yes, send them. If not, send the empty string for that particular identity.
---
 src/input/ipaccess.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/src/input/ipaccess.c b/src/input/ipaccess.c
index a4c75b2..1cb541e 100644
--- a/src/input/ipaccess.c
+++ b/src/input/ipaccess.c
@@ -570,6 +570,8 @@ ipa_bts_id_resp(struct ipaccess_unit *dev, uint8_t *data, int len, int trx_nr)
 char str[IPA_STRING_MAX];
 uint8_t *tag;
 
+ memset(str, 0, sizeof(str));
+
 nmsg = ipa_msg_alloc(0);
 if (!nmsg)
 return NULL;
@@ -595,16 +597,20 @@ ipa_bts_id_resp(struct ipaccess_unit *dev, uint8_t *data, int len, int trx_nr)
 dev->mac_addr[4], dev->mac_addr[5]);
 break;
 case IPAC_IDTAG_LOCATION1:
- strncpy(str, dev->location1, IPA_STRING_MAX);
+ if (dev->location1)
+ strncpy(str, dev->location1, IPA_STRING_MAX);
 break;
 case IPAC_IDTAG_LOCATION2:
- strncpy(str, dev->location2, IPA_STRING_MAX);
+ if (dev->location2)
+ strncpy(str, dev->location2, IPA_STRING_MAX);
 break;
 case IPAC_IDTAG_EQUIPVERS:
- strncpy(str, dev->equipvers, IPA_STRING_MAX);
+ if (dev->equipvers)
+ strncpy(str, dev->equipvers, IPA_STRING_MAX);
 break;
 case IPAC_IDTAG_SWVERSION:
- strncpy(str, dev->swversion, IPA_STRING_MAX);
+ if (dev->swversion)
+ strncpy(str, dev->swversion, IPA_STRING_MAX);
 break;
 case IPAC_IDTAG_UNITNAME:
 snprintf(str, sizeof(str),
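Review bot: The `memset(str, 0, sizeof(str));` added at the top of ipa_bts_id_resp() clears the buffer only once, so a missing identity is guaranteed to come out empty only for the first tag handled. If the switch further down runs once per requested tag (the loop is outside this hunk, so this is inferred), a NULL field that follows a populated one leaves the previous identity's text in `str`, and that stale value is sent instead of the empty string the commit message promises. Resetting per tag, for example `str[0] = '\0';` immediately before the `switch`, would make the guarded cases behave as described. The function body starts and ends outside the hunk.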
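Review bot: The guarded `strncpy(str, dev->location1, IPA_STRING_MAX);` calls (LOCATION1, LOCATION2, EQUIPVERS and SWVERSION here, SERNR in the next hunk) still leave `str` unterminated when the source string is IPA_STRING_MAX bytes or longer, because strncpy then fills the whole array without a NUL and overwrites the zeroes from the initial memset. Unless the code after the switch forces termination (not visible in the hunk), a later strlen() or copy of `str` would read past the array. `snprintf(str, sizeof(str), "%s", dev->location1);` inside each `if` bounds and terminates in one call, consistent with the snprintf already used for the UNITNAME case. The switch begins and ends outside the hunk.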
@@ -615,7 +621,8 @@ ipa_bts_id_resp(struct ipaccess_unit *dev, uint8_t *data, int len, int trx_nr)
 dev->mac_addr[4], dev->mac_addr[5]);
 break;
 case IPAC_IDTAG_SERNR:
- strncpy(str, dev->serno, IPA_STRING_MAX);
+ if (dev->serno)
+ strncpy(str, dev->serno, IPA_STRING_MAX);
 break;
 default:
 LOGP(DLINP, LOGL_NOTICE,